From 7a8884d9faf8c47ead5b9e00eaeac58aff0fa2aa Mon Sep 17 00:00:00 2001 From: Tim Brooks Date: Mon, 16 Jan 2017 09:17:44 -0600 Subject: [PATCH] Wrap rest httpclient with doPrivileged blocks (#22603) This is related to #22116. A number of modules (reindex, etc) use the rest client. The rest client opens connections using the apache http client. To avoid throwing SecurityException when using the SecurityManager these operations must be privileged. This is tricky because connections are opened within the httpclient code on its reactor thread. The way I confronted this was to wrap the creation of the client (and creation of reactor thread) in a doPrivileged block. The new thread inherits the existing security context. --- .../java/org/elasticsearch/client/RestClientBuilder.java | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/client/rest/src/main/java/org/elasticsearch/client/RestClientBuilder.java b/client/rest/src/main/java/org/elasticsearch/client/RestClientBuilder.java index d881bd70a44..4466a61d9df 100644 --- a/client/rest/src/main/java/org/elasticsearch/client/RestClientBuilder.java +++ b/client/rest/src/main/java/org/elasticsearch/client/RestClientBuilder.java @@ -28,6 +28,8 @@ import org.apache.http.impl.nio.client.CloseableHttpAsyncClient; import org.apache.http.impl.nio.client.HttpAsyncClientBuilder; import org.apache.http.nio.conn.SchemeIOSessionStrategy; +import java.security.AccessController; +import java.security.PrivilegedAction; import java.util.Objects; /** @@ -177,7 +179,12 @@ public final class RestClientBuilder { if (failureListener == null) { failureListener = new RestClient.FailureListener(); } - CloseableHttpAsyncClient httpClient = createHttpClient(); + CloseableHttpAsyncClient httpClient = AccessController.doPrivileged(new PrivilegedAction() { + @Override + public CloseableHttpAsyncClient run() { + return createHttpClient(); + } + }); RestClient restClient = new RestClient(httpClient, maxRetryTimeout, defaultHeaders, hosts, pathPrefix, failureListener); httpClient.start(); return restClient;